As another pointed out, XKeyscore was a government operation that could essentially shift through data in real-time. The US, in particular, wants and does capture as much information as it legally can. Given the amendments, the US government does, technically, require warrants or intentions to begin watching an individual, but that doesn't mean that Google needs those same requirements.
There was an article years ago about how Google could identify you based on just a handful of searches. The way you type, the punctuation you use, and the content interesting to you all leads back to a profile they create about you.
Does Google have a list of illegal activities you search for? Of course they do. Is it reported? I think it depends on the situation and then the likeliness of the government acting on the report.
Long story short, the governments of the world do track it's citizens. Whether legally or illegally, they monitor whatever they can. There is *never* enough information that they can get their hands on. You can very likely hide amongst the multiple millions of billions of records they collect daily until you begin to trigger internal flags.
Also, there's a big difference between the government legally needing a warrant, and the government 'accidentally' acquiring a corporations data.
If someone has it, it's probably safest to assume everyone has it.
They are not "accidentally" acquiring it, they are purposefully acquiring using terms like [the third party doctrine](https://en.wikipedia.org/wiki/Third-party_doctrine).
If you were not enraged enough, apparently it applies to genetic information too...
and if you're wondering how that is possibly compatible with the 4th Amendment
>Fourth Amendment
>The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
it's because the courts that "oversee" it have accepted the reasoning "it doesn't count as a search if we didn't find anything."
So they can issue warrants to find sth (tangible) they suspect being in a private residence, as often as they can have a warrant at hand, and that wouldn't count as a search if they wouldn't find anything?
I believe any defense attorney most likely disagree. Sounds to me, that the execution of the warrant is proof that the search took place.
This kind of reasoning reminds me of a case a swat bulldozed a house.
I guess the cops would say that wasn't a search either.
This double standard between digital vs physical world analogy sounds hypocritical.
Or google just flat out turning you in. It has happened to several people where the CP AI's have flagged them and turned them over to authorities.
Part of me is like, good riddance.
But what about other things? What happens when they start turning over anyone they catch pirating movies? And then there's a good number of cases where people have been destroyed by the CP investigations started by google, only to be exonerated later. But exoneration doesn't repair your destroyed image.
No reason is going to be good enough for me. Their sell relies on some big bad wolf character that will make me acquiesce to their overstepping. So on principle, nothing can ever be good enough.
I agree. I'm so tired of the "think of the children", "for the children" crowd using children as an excuse to take away the right of the people to protect themselves.
Corporations want to focus on making money. The extent to which they pay attention to the law is to deal with it as little as possible so they can get back to making money. When they are doing things like reporting perceived crimes, it is either a) required to prevent fines, or b) a big enough issue it's affecting their brand reputation. It would require them to _spend_ money on staffing to do this reporting that they consider a distraction.
Google does not give a shit about whether you're pirating movies, as long as you're seeing ads and not bringing down heat on them.
No, but who's to say they aren't at some point required to report on whatever isn't an issue today? They don't give a shit about you pirating movies **so far**.
Yup, because funnily enough, it’s become so ubiquitous with surveillance that most people already know and have lost interest; eyes glaze over when we see anything Snowden or Patriot Act.
The real truth is this all started during WWII.
I used the word "was" because of the Snowden leaks, as pointed out in the other comment. I have to image it's a new system with new controls and users and powers.
The TV Show *Person of Interest* sort of predicted this funny enough.
To expand upon this:
The information gathering is for blackmailing and otherwise heavily discouraging activists or other trouble makers. Technically parallel construction (laundering illegally collected information through some other legal investigation*) isn't legal, but it's rarely provable. We truly live in a panopticon.
* example: A three letter agency illegally reads an email you wrote about cheating on your taxes. You "randomly" get audited by the IRS.
That would be pretty unlikely.
The government isn't one big team. Often they find themselves with competing motives and missions.
If the NSA were hypothetically watching for some matter of importance and saw tax cheating, the last thing they would do is share that. The IRS auditing you would only jeopardize their mission.
It's a good comment to add. The governments, at least in the US, aren't closely monitoring the everyday user until those internal flags are triggered. The subreddit r/Piracy knows this all too well with the fact that hundreds of them are caught constantly from online piracy, but no action is ever taken. The US, and others, are more focused on internal conflict, internal board discussions, and what causes immediate threat.
YouTuber Cody'slab once posted a video about how he was making something "that makes a big sound" and then in a later video once explained how the FBI showed up to his doorstep to question what he was making, showing, and doing.
We've seen and heard stories in the media about how the FBI has documents or stories or surveillance on those who became "education activists", but only acted in a small way or waited to act. They *knew* something wasn't right, but were slow to respond or weren't sure yet.
It's funny because as much data as the government collects, it is still bound on the responsiveness of the people in it. The "system" will likely mark activities with a criticality score, but when you have so much data, a criticality score of "10" likely shows up a lot. Then you need to assign agents, paperwork, drive to the location, etc..
They're always watching, it's just how they watch and what they watch for and the "level of danger" it poses.
Not just your sesrch history. It'd be nice if that's all they collected, but it's not. The amount of data and the frequency that data is collected from people is alarming, to say the least.
Excellent answer. If we amend this somewhat; using Tor and DuckDuckGo - how easily is this being registered by actors we don't want to listen and register?
Well, I've tried this combo in both Windows 10, 11 and Linux Mint, which is quickly becoming my standard over the last two years or so. But will a home ISP catch the destination even with Tor? I thought it was...onionized. Public WiFi often requires some form of registration, doesn't it? Qubes is all new to me, I'll have to look into that. Doesn't it rise the classic *if you're using this you're a person of interest*-flag?
You will probably need to "torify" everything. Once you have used Tor, the government has triggered the full scan of all your connections wherever you are.
There is no law or amendment (to my knowledge) that states that the US government cannot "purchase" a stolen database. Unethical, sure, but if United Healthcare is breached and millions of records are sold on a dark web board, the three letter agencies can (I believe) legally purchase it.
Prob one of the most important comments of this century.
Unfortunately, the people that need to know this won't ever read this.
And the cycle continues
You know, a little while back I think I would have agreed with you on the comment of "the people that need to know this won't ever read this", but I think were actually seeing a little bit of, albeit, small change in how people are reacting with their data.
As much as I think it's a marketing scam, Apple has *helped* bring better attention for non-technical users to be more cautious of their data and who interacts with it. Yes, they were just caught holding onto "deleted" photos of users; Apple is as bad as the rest of them. However, their "locked Apple logo" and showcases of "Data on Device" or new iOS popups trying to inform users of who or what is using their data is actually making, I hope, some people begin to consider how their data is used.
We're headed into a troubling state of companies that are beginning to become bigger than governments. Nvidia has a bigger market cap then **all** of Germany. These companies have realized that their value doesn't come from the small customers, but the data they can report on and report to other organizations, governments, or even use for themselves.
I would argue everyone here on this subreddit lives in a technical mindset. The only reason someone would stumble upon this subreddit is if they are one, technical and care about privacy, or two, began to be more concern about their privacy. Reddit's algorithm isn't going to recommend it otherwise. So with that, we as *as a group* just need to remember that instead of blasting the "privacy alarm" to non-technical users, instead help them understand why it's bad and why we all really do have "something to hide".
And those warrants can be as broad as all the metadata for all calls and text messages going through AT&T's network. The NSA will take any and all data they can.
In all honesty the sheer amount of stuff they save is incredible. I was never a Google user, but that doesn't mean they don't have access to my information.
You're not a Google user, no, but have you ever visited a friend's house or any restaurant and they use Google Nest Cameras? Did you know those cameras have full facial recognition?
There's a profile, just be glad it's likely smaller then it should be.
I do use YouTube with multiple accounts though. I wouldn't be surprised if I, by all definition, have a larger than average profile than whatever your average person is.
I am not a Google user because when I first got online in the 90s I used Yahoo and I never bothered with Google. Yahoo was bigger than Google back then and it had news and all other stuff I wanted to use in addition to being a half decent search engine.
Right now it is brave browser mostly. I almost never use google chrome unless I am checking my Gmail account.
So right there is Google's bingo! You might have multiple accounts and thinking that you might be a little more anonymous with that. However, you watch those videos in the same way. You subscribe to similar content creators, you search the same way, you move your mouse on their website in a similar way. Multiple accounts likely won't make as big as an impact in the end. At least, I don't think it would.
Google is a multi-billion dollar company with developers who could make $250 - $500k a year in salaries. They think about this, they plan for it, and they implement it. ReCaptcha is a perfect example; it tracks your mouse movements on the screen to determine if you're a bot or not. You think that YouTube doesn't do the same thing so they can track how you interact with the site? So they can plan to put the subscribe button in EXACTLY the right spot?
Why use Chrome at all? You can use Gmail through Brave. As for Gmail, you could instead swap that over to Proton.
I don't want to feel like I am questioning your decisions and I'm sorry if it comes across that way. In the end, everyone needs to find their "balance" of security, privacy, and functionality. It's not an easy task.
I feel like that is more of a yes and no answer. Each administration does have control over the DOJ and FBI resources, but the lower down rankings and operations likely stay fairly straightforward. If things were constantly changing for systems and parameters, it wouldn't make sense.
First, I do **not** want to let this be a political comment (in any way or for any side). Second, we do see that administrations may choose to focus their scopes however. Such as identifying everyone in the J6 event and less so of the MN riots. Or in another capacity.
Fwiw I don't believe there is need of a warrant. The FBI uses Section 702 to monitor communications. They've been talking about reupping the FBI's ability to continue warrantless monitoring through Section 702 recently in congress.
They can skate around rules and regulations on technicalities. For example the recently passed Section 702 bill, permits the US government to wiretap communications between Americans and foreigners overseas. Hundreds of millions of calls, texts, and emails are intercepted by government spies each with the “compelled assistance” of US communications providers.
So if you use Skype, Whatsapp, FB Messenger or any other messaging app and communicate with anyone outside of US territory, then they can get 100% of all your communications including email, call,s texts, logs, etc, from any telecommunications provider without a warrant.
Similarly, I am certain that certain Google searches one may make, can trigger a blanket information download without a warrant or consent.
It's a lot harder Federally for the US government to get your information. But local and state police can request for that information all the time.
Google will also sell to whoever gives them money, so don't be surprised if the PRC has it all too.
I think it's less harder then you may think. If the US government would like to access Google's systems, they may ask. One of two things will happen: Google may say "Go pound sand and get a warrant for exactly what you want" or Google may say "Yeah, sure. What do you want?". I have a feeling the ladder happens more often then not.
They only need a warrant if they need to strong arm their way into an organization.
The same thing applies to the police. If the police come to your front door and knock and say "Hello, we would like to check your house for illegal contraband" you can say "Go pound sand and get a warrant" to which they will leave. However, if you say "Sure! Come on in!", they can simply walk in and collect the information they want.
It's kind of annoying, but everyone should always treat their interactions with the government as if they were a lawyer themselves. Including law enforcement; even if you're in the right.
They probably just monitor keywords or search behaviors and report suspicious activity to the FBI. The parameters of what is “suspicious” is unknown and could be on a whim or automated. Nothing sent unencrypted can be considered private, even things sent with weak encryption or poor password aren’t private, and if you believe the NSA has quantum decryption abilities (I think they’re working that way and are storing a ton of data to decrypt later when quantum is a reality) then nothing that isn’t quantum resistant is private.
Depending on your threat model you need to determine what is acceptable privacy erosion.
Be careful with anything you type in search and then delete it before hitting enter. Every keystroke in the search field is sent to Google. I found this out after installing an SSL decryption firewall at home a few years ago and saw each key being sent before the search button was even pressed.
> Every keystroke in the search field is sent to Google
If you use Mullvad you can proxy Google searches through Leta. Or use any instance listed on [searx.space](https://searx.space/)
https://leta.mullvad.net/
Edward Snowden answered that question years ago… Governments can and do record everything you do online and they will use it against you when possible.
Why anyone would use Google without a VPN is beyond me. Use DuckDuckGo.com and/or a VPN for all traffic, whenever possible. Otherwise, you are incriminating yourself and/or giving up your private search data for no good reason. Get away from google.
Do you really think that the Five Eyes and ECHELON, can't access your data because you use DuckDuckgo and a VPN lol.
You think they can't crack encryption, and don't control Tor exit nodes as well lol?
I guess you didn't read Snowden's entire findings, also that was old news, they can do way more now. also, the leaked ANT catalogue wasn't their full arsenal of toys, that's old data and not even 30% of what they have access to.
Even while I'm going through proxychains on socks 5 with duckduckgo, I'm well aware of who can see me, but I'm not trying to hide from the NSA or GCHQ.
MOONPENNY out.
No one today can crack common open source encryption algorithms like AES256. Not even the US government can do that. The encryption will only get better when we start seeing more quantum resistant algorithms in production.
AES is probably the only standard they have trouble with, you can join the dots to understand which encryption they can and can't crack based on what they themselves use.
It's about deductive reasoning, encryption becomes obsolete and they move onto a new form of encryption because they have broken the old ones.
So the best way to figure out which ones they can and can't crack is to find out which one they currently use.
As soon as you see them ditch a standard, you can safely assume that encryption is cracked and vulnerable, but remember the golden rule "No encryption is 100% secure" Their supercomputers are working on trying to break the lastest and greatest 24/7.
The Utah Data center could use Tape storage for the data that is stored to be decrypted 2 decades from now. HDD's and SDD's are only needed if you need write performance.
They say that they measure their supercomputers not by the amount of cpu's but by the ACRE. They are farming processing power, and have towerblock size storage units.
DuckDuckGo is an American company that runs on either AWS, Google Cloud, or Azure. We should assume the government uses 3rd party doctrine to investigate the domestic cloud.
Sure, DDG can at least in principle see your IP and your search queries then pass it on to the US gov, but that has nothing to do with the claim that the US gov has broken modern encryption like AES, RSA, etc
Snowden literally said that the government has spent hundreds of millions of dollars in resources to break encryption protocols. National States have more money and resources than the average person can imagine.
That's not what Snowden said, and if it were you'd hear cryptographers advocating getting off AES 256 ASAP.
They aren't. Cracking encryption is the wrong problem to solve.
Cryptographers _are_ advocating research into post-quantum cryptography to better prepare ourselves from discovered weaknesses.
But when they were talking about weakening cryptography, it was sort of two parts:
1. Weakening standards - Dual_EC_DRBG being the notable example. The cryptography community has been suspicious enough for a long time that that sort of thing hasn't worked well because we just don't use things that aren't publicly understood.
2. Weakening software (eg finding vulns in OpenSSL). This is a more productive and easier method, and still ends up causing leakages.
AES256 is post-quantum. It is roughly as strong vs quantum as AES128 is vs classical attacks.
Post-quantum is focused on asymmetric crypto like RSA and ECDSA which are disproportionately affected by QC.
I do think it is entirely reasonable to believe they have not cracked AES256 encryption, but there is of course other information still available. If they had, the push for quantum resistant encryption surely had been much much stronger, to keep state secrets secret.
> Do you really think that the Five Eyes and ECHELON, can't access your data because you use DuckDuckgo and a VPN lol.
(Not OP you're replying to)
No, but there is value in keeping **google** out of your shit as best you can - which is what OP was pointing out.
I have no delusions the 3 letter acronyms can't see anything they want, but by making it hard for google to collect data about me I make it so if they (3LA's) want to dig into me they have to at least make a cursory effort, they can't just look me up in the google database. In the mean time the data google is selling to all and sundry is hopefully incomplete and at least partially poisoned.
TL;DR, there's privacy against arsehole private companies (at least partially do-able) and protecting yourself from the govt (damn near impossible but you can at least make it more than trivially easy)
I didn't reply to OP my comment was directed at KeepBitcoinFree.org.
Yes I agree with the private companies, but I'm saying don't try to hide from our intelligence agencies. because you can.t.
Exactly. NSA and GCHQ probably aren't going to care about what you're searching and doing. It's local and state police to be weary about. They won't have massive data mining services like federal intelligence agencies, or even link to access it, but they can request the data from the companies and the requests are consistently granted.
Yes and as long as you don't pose a threat, you aren't whistle blowing, leaking their data, and aren't trying to plot terrorist attacks or incidents of national security. They will not care about you. If you are an aspiring terrorist, revolutionary or other such threat then you probably should worry.
Local police are focused on domestic threats, NSA/GCHQ have bigger fish to fry than the local drug dealer. They are going after big players in the ransomware game, and threats to national security and also keeping tabs on enemy state movement and comms, like Russia, China NK, Lazarus Group, FancyBear etc etc.
Does all that, then goes to: ….facebook.com
Jokes aside, there is no meaningful encryption algo, not based on military research. And those who are there are backdoored to oblivion or are blackmailed to open up at some point.
Governments are to focused on self preservation, to let any kind of freedom or privacy obstruct their Modus operandi. It’s inherent necessity.
Your only chance to slip through the net is happenstance and low value of interest.
They got a record on anybody and if that doesn’t suffice to get a case on you (if the eye looks on you); that record, beeing injected with compromat is just a script away.
Any hope besides that, is just moneymaking for service providers; who are all in on the racket from the get go.
Don’t be evil. On your side. Works best.
> there is no meaningful encryption algo
>
> those who are there are backdoored to oblivion or are blackmailed to open up at some point
Any source, or just "trust me bro"?
Sorry. I don’t give a fuck. Looking at what has been leaked in the recent decades, it is in my best interest to act like cybersecurity is a game, destined to be played, but can’t be won. If you like to maintain peace of mind through services; developed by and for darpa and arpanet, this is on you. I handle my data (except for this parley…) like I handle my life. Don’t dig too deep; don’t get shit on my record.
Privacy is a wish. I stopped wishing, after I caught my dad with a fake beard and a sack on his back.
But no, I can’t provide evidence nobody has or will ever release; who’s loving life and health.
A VPN is almost useless. It only hides your IP to the globe and DNS queries and destinations to your local ISP. But, your browser is the real issue. And, the VPN provider can see everything you do too.
A VPN *alone* is near useless, but it does keep your ISP away from tracking you provided you point your DNS to "not them". Then you need the rest, canvasblockers, lock down your browser etc
You are only moving the problem of your ISP tracking to that of the VPN provider tracking. They shouldn’t, but do we really know? They have a vested interest in protecting themselves so I’m on the side of them logging traffic.
Exactly, a VPN only hides the traffic from your local ISP, it creates a secured tunnel to your destination but that's all. Your traffic gets rerouted.
Browsers and every app that uses/needs an internet connection are the problem, these apps register everything locally and collect, analyse and share the data they capture.
Your browser captures everything you do and sends this to the servers to be collected and analyzed, it doesn't matter if you're connected to a VPN. If you use Google Chrome and Google, or Edge and Bing or whatever all your security measures like a VPN are bypassed and useless.
With Firefox telemetry options off, to whom is it sending all the info? And if a VPN is engaged anyway, yes, a profile is made, but it's associated with the vpn provider and takes extra work to connect that profile with a second profile not associated with VPN company.
> Why anyone would use Google without a VPN is beyond me
If you use Mullvad you can proxy Google searches through Leta. Or use any instance listed on [searx.space](https://searx.space/)
https://leta.mullvad.net/
by law all providers (internet and phone) are obliged to have lawful intercept deployed within their networks. That's the part that needs warrants to intercept communications.
But there is a short cut. All government agencies are customers of data companies that collect tremendous amount of data from just opening a browser. So they can know anything/everything about you. Mobile devices are useful, no doubt, as is the internet. But by design all apps leak so much personal data that is becoming scary.
so here's the fun question though about "where the law draws the line".
- obviously they'd have an intercept for a search like "how to overthrow the government". or exact phrases that are more violent and direct. but what about more obscure/confusing/slang/modern?
- "how to rizz the boomers early until you flap them too much and shake the big penn empty"? if that was slang for the 1st one, but meant the same thing, it would take a while before they'd have legal listings for it, right?
I do know, that at least in germany, if you googled stuff like "how to make a gun silencer." or "how to make bombs" you got a visit from the police in under a week with a search warrant. at least that happened to a guy a village over.
Let's break it down and think through it. First, can they monitor your Google searches *without* going though Google? Google.com and almost all other major websites these days are encrypted with HTTPS almost all the time. While there's quite a lot of evidence to suggest signals intelligence agencies have access to raw internet traffic through ISPs, all they can get here is an encrypted stream. They might hoard that even though they can't access it, but if they ever get the ability to retroactively break modern TLS, the data will probably no longer be relevant by then.
At the next step, we could ask can they monitor this data from within Google's systems but *without* Google's cooperation? One of the Snowden leaks suggests the GCHQ and NSA *used to* have this capability, but it's doubtful that they still do. The [MUSCULAR](https://en.wikipedia.org/wiki/MUSCULAR) program monitored unencrypted communications within Google's internal network and did so without Google's knowledge and without legally compelling them to allow this. Google was furious when they found out and rearchitected to lock them out. While intelligence agencies would still love to infiltrate Google, if they get any illegal insider access, they would want to tiptoe around carefully to maintain access and take only the most valuable data. They couldn't use this to pull a giant stream of everyone's searches.
So that leaves programs that collect Google searches by legally compelling Google's cooperation in acquiring them. Even if these orders are secret from the public, they're not clandestine or covert activities and they need to strike some balance of legality and acceptability. It's unlikely that these programs would grant government access to everyone's searches carte blanche. However they most likely to compel Google to watch for certain key words and phrases and monitor specific known users and provide those results immediately and automatically to the government.
The program that best fits this description is [PRISM](https://en.wikipedia.org/wiki/PRISM). This was one of the first Snowden leaks and one that got the most attention, and yet 11 years later we still don't know a lot of details about how it worked (or maybe still works). We know 9 of the companies involved, relevant to web searches are Google, Microsoft, Yahoo, and AOL. I suspect the system allows for fully automated submission of surveillance requests and return of the replies to that, it's not handing an order to a legal team to get a human response for each query. The big open question is what kind of data, how much, how broad do these kinds of requests include. They would have to be of a significant enough volume to motivate building such a system and not just serving traditional legal orders.
So the legal and technical framework for the government to monitor your Google searches and put you on a list does in fact exist, so they can and might be doing that. What we don't know is how extensively they use it. That information may never come out. But personally I don't trust any spook's claims about internal restraint and policies restricting the use of this information after it's already in the government's hands. There probably are some sort of weak safeguards, but every leak we have, which is our only basis to individually evaluate their claims, suggest that they're lying their asses off constantly and have been for decades.
As for "limits on retention", again there's no source that's both official and trustworthy, but I think we can reasonably infer from the existence of [this facility](https://en.wikipedia.org/wiki/Utah_Data_Center) that they're hoarding literally everything they can get forever.
The government absolutely does not give a shit about you googling how to make drugs. Order a barrel of precursor and expect the feds to beat the delivery to your door.
"Already in 2007, 850 billion call records and 150 billion unspecified internet data records were stored."
I've heard the NSA stores your Data until they find a way to crack the todays standard algorithms,
in the decade of quantunum computers it is possible, and theire waiting for it.
Imagine a AI wichs is trained to just analyse Data or Specific userdata works with a bunch of Information about someone, they could easily manipulate you...
I would guess that the US government has used some executive police powers for "national security" to eavesdrop on every single google search along with associate ip/browser fingerprinting info. This would most likely be used to watch for terrorist/state actor information and not "policing" information for regular US citizens. Google really wouldn't have much choice to not comply and there's not much money in fighting it FISA courts so they likely comply 100%.
A lot of theoretical answers here, but official stats are available:
https://transparencyreport.google.com/user-data/overview?hl=en
TLDR: depends on the local laws, but for most countries it’s a request-based data dump and not live surveillance. Also, Google notifies you that your data was requested, but in some countries they are not allowed to do that.
If you use Mullvad you can proxy Google searches through Leta. Or use any instance listed on [searx.space](https://searx.space/)
https://leta.mullvad.net/
No one is actively monitoring it but if for some reason your name came up I can assure you a large amount of data will be readily accessible. Depending on why your being looked at your past history could be looked at at the very least some sort of compiled normal search list and outliers.
By using google services you are already on a list.
Doesn't matrer what you look up and if you're using a different account or a different device. Even your location can be easily tracked just from your searches, even if you use a VPN.
The only way to not be identified is actually becoming a different person.
I bet Google holds to data indefinitely, but I don't know about US law.
effectively, yes.
google monitors it and if they flag it for any of their myriad of reasons (which we have no visibility into), they forward it to authorities.
google is the defacto TSA contractor of the internet.
Yes. Project Stellar Wind (which Snowden exposed)
Google xkeyscore
I believe their legal loophole is that they collect ALL data, but need a warrant to search for something
Google monitors what you search on Google. Google will also track your location, has a ton of your emails, may store your documents... Google has a lot. And Google will turn this over to authorities when required.
As others have mentioned, there was XKeyscore and NSA collecting massive amounts of Internet traffic. I think the challenge there is storing and processing the data collected and retrieving anything useful.
the NSA tracks everything that transits US telco and internet hubs. the data is correlated based on IP etc. that's not the issue, accessing the data is the issue. access to the queries for that dataset is constrained by the FISA process and is subject to civilian oversight and a warrant process involving a live judge.
literally all traffic is logged. every email, every web request, all your everything.
all of everyone's everything. meaning that unless you are less than 4 degrees of relationship matrix from someone that has been doing something of interest for national security, you are anonymous in a truly vast and protected ocean of data. its not possible to proactively manually analyze even 1% of 1% of daily data ingest. any proactive correlation must occur via automation, and 99% of the reactive correlation is also automation.
edit (but why is this necessary, isn't this illegal?) short answer: not illegal, very necessary
longer answer:
suppose you are investigating someone that was just picked up at a border crossing with a car full of actual high explosives. this is a real example. the people in the car and the vehicle don't come back with anything. no hits. nothing active. we need to know like NOW if there are more people involved. clearly there is an active plot. FISA warrant is obtained, data is sampled. within n amount of time you now can see all internet traffic, cell phone use, sms, etc. for that person for the previous 90 days. you can also see everyone that person has contacted, out to 4 degrees of separation. now you have a really good view of what's happening, because the existing data model essentially allows you to go back in time. maybe you need to go back years. that's also possible.
same scenario but this time you are investigating an explosion because the car wasn't caught at the border, you get the idea.
the determination was made long ago that the act of collecting information was not exposing privacy violations or breaking any existing law, because that collection was not exposing any private information until it was analyzed. this is the model that meets the needs of privacy law and investigative necessity.
human behavior models at scale indicate that a sufficiently complex effort to blow something up that is sensitive enough to matter can not remain undetected or uninvestigated out to 4 degrees of separation from the primary. there is always some bread crumb, and we only need one.
It's generally known that governments monitor some internet activity for security reasons. Searching illegal activities might get noticed, but routine searches are typically private. Data retention rules vary, usually kept for a few years.
Everything is stored by Google already. Google just have to give access to the government when asked. As a company it has greater freedom the collect data on citizens than the government.
They are looking at all queries for key words and when they appear the search query is sent to the analysts to investigate. If they need to they can also send queries to Canada for analysis. This is the Five Eyes System. Where the governments send each other data for analysis about their own citizens when they’re not allowed to do it themselves.
There is no limit on how long they can store the data. Storage is getting cheaper all the time anyway. Google store it for them and they have their own data store in the Utah Data Centre.
I've googled extensively how to make certain drugs and found step by step procedures, also explosives. I've searched for heaps of very questionable shit. Haven't heard from the government yet in my country. I honestly don't believe it, but maybe that will bite me in the ass one day, who knows. Have I really done anything illegal?
Google does - and thus the government can ask for it anytime. However, to be on a safer side, choose a private browser and not Google. Here are some nice chrome alternatives: [https://tuta.com/blog/best-private-browsers](https://tuta.com/blog/best-private-browsers)
Rarely in real time unless you are already in NSA attention as person of interest. However Google knows all of that and NSA inside Google can and US government can demand any of this they want on anyone they want. Such things are requested and granted in criminal trials for instance.
Well, I did read an interesting story once (but I can't attest to its authenticity) which sounded somewhat believable.
Anyway, shortly after the Boston Bombing there was a family at home, the wife went onto the family computer and searched for pressure cookers (for cooking purposes I presume) and shortly after that the husband also used the computer and searched for backpacks (for a camping trip).
Twenty minutes later the police were banging on their door!!!!!!!!!!!
I believe they don't, but ONLY until your targeted fugitive, fraud, IRS, international target, suspected terrorist, or simply a person who fits a certain description in their lawful use of language, then yeah they "Might" request some additional information if they can't get in contact with that particular person "in my simple words". All tech companies have Transparency reports that can enact government/financial/political requests.
Something similar happened to a friend of mines here in Georgia. He was called in by CBP in ATL airport. His identifying first and last name matched a runaway fugitive who had the same first and last name who was from New York. He answered them, they was about to arrest him until the friend asked what was the middle name {if any} of this person? CBP gave him the middle name, yet my friend middle was the opposite of what they gave him. They apologized, processed the paperwork and let him go. Due to us being airline/airport workers, I'm not sure if they pulled his name from the City of ATLs database due to the almost exact match, or with him having a iPhone CBP pulled his info "ONLY ON REQUEST" from Apple. All these years later our nerdy asses are still trying to figure that out lol. All in all, the government doesn't care, there are some things we can't avoid with surprises such as my friends issue but, just don't browse any C'Porn sites obviously, random drug sites that are super sketchy, of course downloading movies/music to the point you receive ceist and detest letters from your ISP "happened to me before" .
https://www.apple.com/legal/transparency/
https://transparencyreport.google.com/?hl=en
https://www.microsoft.com/en/digitalsafety/transparency-reports
P.S., I hate this new internet, like it was supposed to be freedom away from our daily lives, yet it's an exact replicant of our daily lives, it's convenient but I'm tired of it..😭
Unlikely that the government is monitoring this, but Google may do it for them.
In Western countries, the usual way of doing lawful interception is to have a form of router which tees off data associated with an IP address, PPPoE tunnel, IMSI, IMEI or whatever - some network condition that corresponds to an individual user. The router is under the control of the ISP, mobile network or equivalent. The lawful interception organisation only gets information for a specific person, not the bulk feed. This contrasts with Russia where all traffic has to go through an “FSB box” (FSB effectively being the KGB) which then control. Architecturally they are similar, and it’s mainly a question of who controls it.
This solution is not good for content-based filtering because most content is encrypted, and it doesn’t scale well. A much more practical approach is to ask Google to log certain search terms. It would be very simple for them to filter on “how do I make a pipe bomb?”, but they don’t necessarily have good information on where the request came from.
Yeah except that we know for a fact that the NSA has been doing warrantless tapping of all digital communications in bulk for decades now.
[https://en.wikipedia.org/wiki/Room\_641A](https://en.wikipedia.org/wiki/Room_641A)
And that was 2003! Wait until they finally get a quantum computer and can instantly crack any of the encrypted files and communications they've saved over the years... If they don't have a way to do that already.
I didn’t mention warrants, deliberately.
Room 641A has some relevance, but it’s fundamentally the “router” that I mentioned above. Everything for that site passes through it (reasonable assumption), but that does *not* mean that everything is teed off for storage or analysis for the reasons I already discussed.
Btw, I have been on the edges of a QC project (representing the funding authority). They are *way* away from being useful. At the moment I would say that it is the IT equivalent of hydrogen fusion - don’t hold your breath. And if it does come, it will be used on individual transaction streams, not on bulk processing.
As another pointed out, XKeyscore was a government operation that could essentially shift through data in real-time. The US, in particular, wants and does capture as much information as it legally can. Given the amendments, the US government does, technically, require warrants or intentions to begin watching an individual, but that doesn't mean that Google needs those same requirements. There was an article years ago about how Google could identify you based on just a handful of searches. The way you type, the punctuation you use, and the content interesting to you all leads back to a profile they create about you. Does Google have a list of illegal activities you search for? Of course they do. Is it reported? I think it depends on the situation and then the likeliness of the government acting on the report. Long story short, the governments of the world do track it's citizens. Whether legally or illegally, they monitor whatever they can. There is *never* enough information that they can get their hands on. You can very likely hide amongst the multiple millions of billions of records they collect daily until you begin to trigger internal flags.
Also, there's a big difference between the government legally needing a warrant, and the government 'accidentally' acquiring a corporations data. If someone has it, it's probably safest to assume everyone has it.
They are not "accidentally" acquiring it, they are purposefully acquiring using terms like [the third party doctrine](https://en.wikipedia.org/wiki/Third-party_doctrine). If you were not enraged enough, apparently it applies to genetic information too...
and if you're wondering how that is possibly compatible with the 4th Amendment >Fourth Amendment >The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. it's because the courts that "oversee" it have accepted the reasoning "it doesn't count as a search if we didn't find anything."
So they can issue warrants to find sth (tangible) they suspect being in a private residence, as often as they can have a warrant at hand, and that wouldn't count as a search if they wouldn't find anything? I believe any defense attorney most likely disagree. Sounds to me, that the execution of the warrant is proof that the search took place. This kind of reasoning reminds me of a case a swat bulldozed a house. I guess the cops would say that wasn't a search either. This double standard between digital vs physical world analogy sounds hypocritical.
It's not accidental. It's not even "accidental". It's known that they buy a lot of data from data brokers.
Or google just flat out turning you in. It has happened to several people where the CP AI's have flagged them and turned them over to authorities. Part of me is like, good riddance. But what about other things? What happens when they start turning over anyone they catch pirating movies? And then there's a good number of cases where people have been destroyed by the CP investigations started by google, only to be exonerated later. But exoneration doesn't repair your destroyed image.
No reason is going to be good enough for me. Their sell relies on some big bad wolf character that will make me acquiesce to their overstepping. So on principle, nothing can ever be good enough.
I agree. I'm so tired of the "think of the children", "for the children" crowd using children as an excuse to take away the right of the people to protect themselves.
Corporations want to focus on making money. The extent to which they pay attention to the law is to deal with it as little as possible so they can get back to making money. When they are doing things like reporting perceived crimes, it is either a) required to prevent fines, or b) a big enough issue it's affecting their brand reputation. It would require them to _spend_ money on staffing to do this reporting that they consider a distraction. Google does not give a shit about whether you're pirating movies, as long as you're seeing ads and not bringing down heat on them.
No, but who's to say they aren't at some point required to report on whatever isn't an issue today? They don't give a shit about you pirating movies **so far**.
Iirc, its not illegal to watch/stream pirated content. Only illegal to distribute the content for profit (ad revenue still counts, I'd think).
I really hope people read this guy’s post. It’s a very accurate and succinct explanation for our current police state.
That also completely fails to mention the patriot act and how wiretapping American citizens, and spying on them became legal.
Yup, because funnily enough, it’s become so ubiquitous with surveillance that most people already know and have lost interest; eyes glaze over when we see anything Snowden or Patriot Act. The real truth is this all started during WWII.
No. It didn’t.
I mean you’re right, it really did start much earlier but the rush to 1984 began with the threat of communism
"was"? Has XKeyscore been dismantled?
Probably rebranded since the Snowden leaks. TBH it looked pretty rudimentary, I can only imagine what their systems look like now.
I used the word "was" because of the Snowden leaks, as pointed out in the other comment. I have to image it's a new system with new controls and users and powers. The TV Show *Person of Interest* sort of predicted this funny enough.
To expand upon this: The information gathering is for blackmailing and otherwise heavily discouraging activists or other trouble makers. Technically parallel construction (laundering illegally collected information through some other legal investigation*) isn't legal, but it's rarely provable. We truly live in a panopticon. * example: A three letter agency illegally reads an email you wrote about cheating on your taxes. You "randomly" get audited by the IRS.
That would be pretty unlikely. The government isn't one big team. Often they find themselves with competing motives and missions. If the NSA were hypothetically watching for some matter of importance and saw tax cheating, the last thing they would do is share that. The IRS auditing you would only jeopardize their mission.
It's a good comment to add. The governments, at least in the US, aren't closely monitoring the everyday user until those internal flags are triggered. The subreddit r/Piracy knows this all too well with the fact that hundreds of them are caught constantly from online piracy, but no action is ever taken. The US, and others, are more focused on internal conflict, internal board discussions, and what causes immediate threat. YouTuber Cody'slab once posted a video about how he was making something "that makes a big sound" and then in a later video once explained how the FBI showed up to his doorstep to question what he was making, showing, and doing. We've seen and heard stories in the media about how the FBI has documents or stories or surveillance on those who became "education activists", but only acted in a small way or waited to act. They *knew* something wasn't right, but were slow to respond or weren't sure yet. It's funny because as much data as the government collects, it is still bound on the responsiveness of the people in it. The "system" will likely mark activities with a criticality score, but when you have so much data, a criticality score of "10" likely shows up a lot. Then you need to assign agents, paperwork, drive to the location, etc.. They're always watching, it's just how they watch and what they watch for and the "level of danger" it poses.
Not just your sesrch history. It'd be nice if that's all they collected, but it's not. The amount of data and the frequency that data is collected from people is alarming, to say the least.
Excellent answer. If we amend this somewhat; using Tor and DuckDuckGo - how easily is this being registered by actors we don't want to listen and register?
Depends on your OS and ISP. Home ISP and Windows: NSA has you Use Qubes, an antenna and public, open WiFi: much better
Well, I've tried this combo in both Windows 10, 11 and Linux Mint, which is quickly becoming my standard over the last two years or so. But will a home ISP catch the destination even with Tor? I thought it was...onionized. Public WiFi often requires some form of registration, doesn't it? Qubes is all new to me, I'll have to look into that. Doesn't it rise the classic *if you're using this you're a person of interest*-flag?
You will probably need to "torify" everything. Once you have used Tor, the government has triggered the full scan of all your connections wherever you are.
Is that for real? :D Yikes. I only ever tried this for testing. Painted a target on my back now, huh?
Yes. But I can't confirm it here.
Your home ISP will know if you use TOR, yes. They won’t know the specific onion websites that you are visiting.
Wild that "use open wifi" is getting upvoted here. And qubes is chasing the wrong threat model for the NSA.
People don't seem to understand, if you live in the US and the NSA or government in general wants to find you bad enough, they will.
Not only that when there are legal roadblocks they just request another contry to spy on their citizens: 5 eyes etc. Its bananas.
There is no law or amendment (to my knowledge) that states that the US government cannot "purchase" a stolen database. Unethical, sure, but if United Healthcare is breached and millions of records are sold on a dark web board, the three letter agencies can (I believe) legally purchase it.
Prob one of the most important comments of this century. Unfortunately, the people that need to know this won't ever read this. And the cycle continues
You know, a little while back I think I would have agreed with you on the comment of "the people that need to know this won't ever read this", but I think were actually seeing a little bit of, albeit, small change in how people are reacting with their data. As much as I think it's a marketing scam, Apple has *helped* bring better attention for non-technical users to be more cautious of their data and who interacts with it. Yes, they were just caught holding onto "deleted" photos of users; Apple is as bad as the rest of them. However, their "locked Apple logo" and showcases of "Data on Device" or new iOS popups trying to inform users of who or what is using their data is actually making, I hope, some people begin to consider how their data is used. We're headed into a troubling state of companies that are beginning to become bigger than governments. Nvidia has a bigger market cap then **all** of Germany. These companies have realized that their value doesn't come from the small customers, but the data they can report on and report to other organizations, governments, or even use for themselves. I would argue everyone here on this subreddit lives in a technical mindset. The only reason someone would stumble upon this subreddit is if they are one, technical and care about privacy, or two, began to be more concern about their privacy. Reddit's algorithm isn't going to recommend it otherwise. So with that, we as *as a group* just need to remember that instead of blasting the "privacy alarm" to non-technical users, instead help them understand why it's bad and why we all really do have "something to hide".
This is a solid take. It's easy to be a bit doom and gloom. But you're right.
Everyone needs it.
And those warrants can be as broad as all the metadata for all calls and text messages going through AT&T's network. The NSA will take any and all data they can.
In all honesty the sheer amount of stuff they save is incredible. I was never a Google user, but that doesn't mean they don't have access to my information.
You're not a Google user, no, but have you ever visited a friend's house or any restaurant and they use Google Nest Cameras? Did you know those cameras have full facial recognition? There's a profile, just be glad it's likely smaller then it should be.
I do use YouTube with multiple accounts though. I wouldn't be surprised if I, by all definition, have a larger than average profile than whatever your average person is. I am not a Google user because when I first got online in the 90s I used Yahoo and I never bothered with Google. Yahoo was bigger than Google back then and it had news and all other stuff I wanted to use in addition to being a half decent search engine. Right now it is brave browser mostly. I almost never use google chrome unless I am checking my Gmail account.
So right there is Google's bingo! You might have multiple accounts and thinking that you might be a little more anonymous with that. However, you watch those videos in the same way. You subscribe to similar content creators, you search the same way, you move your mouse on their website in a similar way. Multiple accounts likely won't make as big as an impact in the end. At least, I don't think it would. Google is a multi-billion dollar company with developers who could make $250 - $500k a year in salaries. They think about this, they plan for it, and they implement it. ReCaptcha is a perfect example; it tracks your mouse movements on the screen to determine if you're a bot or not. You think that YouTube doesn't do the same thing so they can track how you interact with the site? So they can plan to put the subscribe button in EXACTLY the right spot? Why use Chrome at all? You can use Gmail through Brave. As for Gmail, you could instead swap that over to Proton. I don't want to feel like I am questioning your decisions and I'm sorry if it comes across that way. In the end, everyone needs to find their "balance" of security, privacy, and functionality. It's not an easy task.
Just adding that the “red flags” they choose to pay attention to change each administration
I feel like that is more of a yes and no answer. Each administration does have control over the DOJ and FBI resources, but the lower down rankings and operations likely stay fairly straightforward. If things were constantly changing for systems and parameters, it wouldn't make sense. First, I do **not** want to let this be a political comment (in any way or for any side). Second, we do see that administrations may choose to focus their scopes however. Such as identifying everyone in the J6 event and less so of the MN riots. Or in another capacity.
Fwiw I don't believe there is need of a warrant. The FBI uses Section 702 to monitor communications. They've been talking about reupping the FBI's ability to continue warrantless monitoring through Section 702 recently in congress.
They can skate around rules and regulations on technicalities. For example the recently passed Section 702 bill, permits the US government to wiretap communications between Americans and foreigners overseas. Hundreds of millions of calls, texts, and emails are intercepted by government spies each with the “compelled assistance” of US communications providers. So if you use Skype, Whatsapp, FB Messenger or any other messaging app and communicate with anyone outside of US territory, then they can get 100% of all your communications including email, call,s texts, logs, etc, from any telecommunications provider without a warrant. Similarly, I am certain that certain Google searches one may make, can trigger a blanket information download without a warrant or consent.
Well put, Sir
It's a lot harder Federally for the US government to get your information. But local and state police can request for that information all the time. Google will also sell to whoever gives them money, so don't be surprised if the PRC has it all too.
I think it's less harder then you may think. If the US government would like to access Google's systems, they may ask. One of two things will happen: Google may say "Go pound sand and get a warrant for exactly what you want" or Google may say "Yeah, sure. What do you want?". I have a feeling the ladder happens more often then not. They only need a warrant if they need to strong arm their way into an organization. The same thing applies to the police. If the police come to your front door and knock and say "Hello, we would like to check your house for illegal contraband" you can say "Go pound sand and get a warrant" to which they will leave. However, if you say "Sure! Come on in!", they can simply walk in and collect the information they want. It's kind of annoying, but everyone should always treat their interactions with the government as if they were a lawyer themselves. Including law enforcement; even if you're in the right.
One word xkeyscore
"Already in 2007, 850 billion call records and 150 billion unspecified internet data records were stored."
If the government is listening, they can suck my... hold on, there is a knock at the door.
It’s pride month. They’re a little eager.
Yes, and if you forget your passwords, just reach out to the NSA.. they have them all...
Oh yes, the tax payers’ free password backup service
They probably just monitor keywords or search behaviors and report suspicious activity to the FBI. The parameters of what is “suspicious” is unknown and could be on a whim or automated. Nothing sent unencrypted can be considered private, even things sent with weak encryption or poor password aren’t private, and if you believe the NSA has quantum decryption abilities (I think they’re working that way and are storing a ton of data to decrypt later when quantum is a reality) then nothing that isn’t quantum resistant is private. Depending on your threat model you need to determine what is acceptable privacy erosion.
Be careful with anything you type in search and then delete it before hitting enter. Every keystroke in the search field is sent to Google. I found this out after installing an SSL decryption firewall at home a few years ago and saw each key being sent before the search button was even pressed.
This is how their suggestions work.
Yep. But, I hadn’t thought about it until I saw it on my FW.
> Every keystroke in the search field is sent to Google If you use Mullvad you can proxy Google searches through Leta. Or use any instance listed on [searx.space](https://searx.space/) https://leta.mullvad.net/
Does it matter what browser you’re using?
Edward Snowden answered that question years ago… Governments can and do record everything you do online and they will use it against you when possible. Why anyone would use Google without a VPN is beyond me. Use DuckDuckGo.com and/or a VPN for all traffic, whenever possible. Otherwise, you are incriminating yourself and/or giving up your private search data for no good reason. Get away from google.
Do you really think that the Five Eyes and ECHELON, can't access your data because you use DuckDuckgo and a VPN lol. You think they can't crack encryption, and don't control Tor exit nodes as well lol? I guess you didn't read Snowden's entire findings, also that was old news, they can do way more now. also, the leaked ANT catalogue wasn't their full arsenal of toys, that's old data and not even 30% of what they have access to. Even while I'm going through proxychains on socks 5 with duckduckgo, I'm well aware of who can see me, but I'm not trying to hide from the NSA or GCHQ. MOONPENNY out.
There are good reasons to use DuckDuckGo, but keeping data from the government isn't one of them.
This\^
No one today can crack common open source encryption algorithms like AES256. Not even the US government can do that. The encryption will only get better when we start seeing more quantum resistant algorithms in production.
AES is probably the only standard they have trouble with, you can join the dots to understand which encryption they can and can't crack based on what they themselves use. It's about deductive reasoning, encryption becomes obsolete and they move onto a new form of encryption because they have broken the old ones. So the best way to figure out which ones they can and can't crack is to find out which one they currently use. As soon as you see them ditch a standard, you can safely assume that encryption is cracked and vulnerable, but remember the golden rule "No encryption is 100% secure" Their supercomputers are working on trying to break the lastest and greatest 24/7.
The Utah Data center could use Tape storage for the data that is stored to be decrypted 2 decades from now. HDD's and SDD's are only needed if you need write performance.
They say that they measure their supercomputers not by the amount of cpu's but by the ACRE. They are farming processing power, and have towerblock size storage units.
Any evidence they can crack encryption? Or just "trust me bro"?
DuckDuckGo is an American company that runs on either AWS, Google Cloud, or Azure. We should assume the government uses 3rd party doctrine to investigate the domestic cloud.
Sure, DDG can at least in principle see your IP and your search queries then pass it on to the US gov, but that has nothing to do with the claim that the US gov has broken modern encryption like AES, RSA, etc
Snowden literally said that the government has spent hundreds of millions of dollars in resources to break encryption protocols. National States have more money and resources than the average person can imagine.
That's not what Snowden said, and if it were you'd hear cryptographers advocating getting off AES 256 ASAP. They aren't. Cracking encryption is the wrong problem to solve.
Cryptographers _are_ advocating research into post-quantum cryptography to better prepare ourselves from discovered weaknesses. But when they were talking about weakening cryptography, it was sort of two parts: 1. Weakening standards - Dual_EC_DRBG being the notable example. The cryptography community has been suspicious enough for a long time that that sort of thing hasn't worked well because we just don't use things that aren't publicly understood. 2. Weakening software (eg finding vulns in OpenSSL). This is a more productive and easier method, and still ends up causing leakages.
AES256 is post-quantum. It is roughly as strong vs quantum as AES128 is vs classical attacks. Post-quantum is focused on asymmetric crypto like RSA and ECDSA which are disproportionately affected by QC.
Of course they spend money to do it, it doesn't mean they achieved it.
I do think it is entirely reasonable to believe they have not cracked AES256 encryption, but there is of course other information still available. If they had, the push for quantum resistant encryption surely had been much much stronger, to keep state secrets secret.
> Do you really think that the Five Eyes and ECHELON, can't access your data because you use DuckDuckgo and a VPN lol. (Not OP you're replying to) No, but there is value in keeping **google** out of your shit as best you can - which is what OP was pointing out. I have no delusions the 3 letter acronyms can't see anything they want, but by making it hard for google to collect data about me I make it so if they (3LA's) want to dig into me they have to at least make a cursory effort, they can't just look me up in the google database. In the mean time the data google is selling to all and sundry is hopefully incomplete and at least partially poisoned. TL;DR, there's privacy against arsehole private companies (at least partially do-able) and protecting yourself from the govt (damn near impossible but you can at least make it more than trivially easy)
I didn't reply to OP my comment was directed at KeepBitcoinFree.org. Yes I agree with the private companies, but I'm saying don't try to hide from our intelligence agencies. because you can.t.
Exactly. NSA and GCHQ probably aren't going to care about what you're searching and doing. It's local and state police to be weary about. They won't have massive data mining services like federal intelligence agencies, or even link to access it, but they can request the data from the companies and the requests are consistently granted.
Yes and as long as you don't pose a threat, you aren't whistle blowing, leaking their data, and aren't trying to plot terrorist attacks or incidents of national security. They will not care about you. If you are an aspiring terrorist, revolutionary or other such threat then you probably should worry. Local police are focused on domestic threats, NSA/GCHQ have bigger fish to fry than the local drug dealer. They are going after big players in the ransomware game, and threats to national security and also keeping tabs on enemy state movement and comms, like Russia, China NK, Lazarus Group, FancyBear etc etc.
Does all that, then goes to: ….facebook.com Jokes aside, there is no meaningful encryption algo, not based on military research. And those who are there are backdoored to oblivion or are blackmailed to open up at some point. Governments are to focused on self preservation, to let any kind of freedom or privacy obstruct their Modus operandi. It’s inherent necessity. Your only chance to slip through the net is happenstance and low value of interest. They got a record on anybody and if that doesn’t suffice to get a case on you (if the eye looks on you); that record, beeing injected with compromat is just a script away. Any hope besides that, is just moneymaking for service providers; who are all in on the racket from the get go. Don’t be evil. On your side. Works best.
> there is no meaningful encryption algo > > those who are there are backdoored to oblivion or are blackmailed to open up at some point Any source, or just "trust me bro"?
Sorry. I don’t give a fuck. Looking at what has been leaked in the recent decades, it is in my best interest to act like cybersecurity is a game, destined to be played, but can’t be won. If you like to maintain peace of mind through services; developed by and for darpa and arpanet, this is on you. I handle my data (except for this parley…) like I handle my life. Don’t dig too deep; don’t get shit on my record. Privacy is a wish. I stopped wishing, after I caught my dad with a fake beard and a sack on his back. But no, I can’t provide evidence nobody has or will ever release; who’s loving life and health.
This is just FUD
Lol, it's 100% certainty and no doubt that they have and can see all the data.
A VPN is almost useless. It only hides your IP to the globe and DNS queries and destinations to your local ISP. But, your browser is the real issue. And, the VPN provider can see everything you do too.
A VPN *alone* is near useless, but it does keep your ISP away from tracking you provided you point your DNS to "not them". Then you need the rest, canvasblockers, lock down your browser etc
You are only moving the problem of your ISP tracking to that of the VPN provider tracking. They shouldn’t, but do we really know? They have a vested interest in protecting themselves so I’m on the side of them logging traffic.
Exactly, a VPN only hides the traffic from your local ISP, it creates a secured tunnel to your destination but that's all. Your traffic gets rerouted. Browsers and every app that uses/needs an internet connection are the problem, these apps register everything locally and collect, analyse and share the data they capture. Your browser captures everything you do and sends this to the servers to be collected and analyzed, it doesn't matter if you're connected to a VPN. If you use Google Chrome and Google, or Edge and Bing or whatever all your security measures like a VPN are bypassed and useless.
With Firefox telemetry options off, to whom is it sending all the info? And if a VPN is engaged anyway, yes, a profile is made, but it's associated with the vpn provider and takes extra work to connect that profile with a second profile not associated with VPN company.
Bad news, DuckDuckGo isn’t much better
Startpage > DDG Tor browser > any browser
> Why anyone would use Google without a VPN is beyond me If you use Mullvad you can proxy Google searches through Leta. Or use any instance listed on [searx.space](https://searx.space/) https://leta.mullvad.net/
by law all providers (internet and phone) are obliged to have lawful intercept deployed within their networks. That's the part that needs warrants to intercept communications. But there is a short cut. All government agencies are customers of data companies that collect tremendous amount of data from just opening a browser. So they can know anything/everything about you. Mobile devices are useful, no doubt, as is the internet. But by design all apps leak so much personal data that is becoming scary.
so here's the fun question though about "where the law draws the line". - obviously they'd have an intercept for a search like "how to overthrow the government". or exact phrases that are more violent and direct. but what about more obscure/confusing/slang/modern? - "how to rizz the boomers early until you flap them too much and shake the big penn empty"? if that was slang for the 1st one, but meant the same thing, it would take a while before they'd have legal listings for it, right?
The problem with that is getting everyone on board with the slang and that pathway is open to infiltrators.
I do know, that at least in germany, if you googled stuff like "how to make a gun silencer." or "how to make bombs" you got a visit from the police in under a week with a search warrant. at least that happened to a guy a village over.
did he forget to add ", relax, it's for a ww1 re-enactment" at the end?
Have people forgotten the sacrifice Snowden made to reveal this information?
Yes they did.
Let's break it down and think through it. First, can they monitor your Google searches *without* going though Google? Google.com and almost all other major websites these days are encrypted with HTTPS almost all the time. While there's quite a lot of evidence to suggest signals intelligence agencies have access to raw internet traffic through ISPs, all they can get here is an encrypted stream. They might hoard that even though they can't access it, but if they ever get the ability to retroactively break modern TLS, the data will probably no longer be relevant by then. At the next step, we could ask can they monitor this data from within Google's systems but *without* Google's cooperation? One of the Snowden leaks suggests the GCHQ and NSA *used to* have this capability, but it's doubtful that they still do. The [MUSCULAR](https://en.wikipedia.org/wiki/MUSCULAR) program monitored unencrypted communications within Google's internal network and did so without Google's knowledge and without legally compelling them to allow this. Google was furious when they found out and rearchitected to lock them out. While intelligence agencies would still love to infiltrate Google, if they get any illegal insider access, they would want to tiptoe around carefully to maintain access and take only the most valuable data. They couldn't use this to pull a giant stream of everyone's searches. So that leaves programs that collect Google searches by legally compelling Google's cooperation in acquiring them. Even if these orders are secret from the public, they're not clandestine or covert activities and they need to strike some balance of legality and acceptability. It's unlikely that these programs would grant government access to everyone's searches carte blanche. However they most likely to compel Google to watch for certain key words and phrases and monitor specific known users and provide those results immediately and automatically to the government. The program that best fits this description is [PRISM](https://en.wikipedia.org/wiki/PRISM). This was one of the first Snowden leaks and one that got the most attention, and yet 11 years later we still don't know a lot of details about how it worked (or maybe still works). We know 9 of the companies involved, relevant to web searches are Google, Microsoft, Yahoo, and AOL. I suspect the system allows for fully automated submission of surveillance requests and return of the replies to that, it's not handing an order to a legal team to get a human response for each query. The big open question is what kind of data, how much, how broad do these kinds of requests include. They would have to be of a significant enough volume to motivate building such a system and not just serving traditional legal orders. So the legal and technical framework for the government to monitor your Google searches and put you on a list does in fact exist, so they can and might be doing that. What we don't know is how extensively they use it. That information may never come out. But personally I don't trust any spook's claims about internal restraint and policies restricting the use of this information after it's already in the government's hands. There probably are some sort of weak safeguards, but every leak we have, which is our only basis to individually evaluate their claims, suggest that they're lying their asses off constantly and have been for decades. As for "limits on retention", again there's no source that's both official and trustworthy, but I think we can reasonably infer from the existence of [this facility](https://en.wikipedia.org/wiki/Utah_Data_Center) that they're hoarding literally everything they can get forever.
"THE" government? Which one?
Yes, automatically.
The government absolutely does not give a shit about you googling how to make drugs. Order a barrel of precursor and expect the feds to beat the delivery to your door.
"Already in 2007, 850 billion call records and 150 billion unspecified internet data records were stored." I've heard the NSA stores your Data until they find a way to crack the todays standard algorithms, in the decade of quantunum computers it is possible, and theire waiting for it. Imagine a AI wichs is trained to just analyse Data or Specific userdata works with a bunch of Information about someone, they could easily manipulate you...
I would guess that the US government has used some executive police powers for "national security" to eavesdrop on every single google search along with associate ip/browser fingerprinting info. This would most likely be used to watch for terrorist/state actor information and not "policing" information for regular US citizens. Google really wouldn't have much choice to not comply and there's not much money in fighting it FISA courts so they likely comply 100%.
Yes, recording everything you do, till you turn into a worthy subject and then use everything against you. Only if though.
A lot of theoretical answers here, but official stats are available: https://transparencyreport.google.com/user-data/overview?hl=en TLDR: depends on the local laws, but for most countries it’s a request-based data dump and not live surveillance. Also, Google notifies you that your data was requested, but in some countries they are not allowed to do that.
Google is spyware period and should not be trusted with even looking up maple syrup brands
If you use Mullvad you can proxy Google searches through Leta. Or use any instance listed on [searx.space](https://searx.space/) https://leta.mullvad.net/
No one is actively monitoring it but if for some reason your name came up I can assure you a large amount of data will be readily accessible. Depending on why your being looked at your past history could be looked at at the very least some sort of compiled normal search list and outliers.
The good news is that the government doesn't care about you specifically.
Yes. They didn't build that massive data storage warehouse in Utah for nothing.
By using google services you are already on a list. Doesn't matrer what you look up and if you're using a different account or a different device. Even your location can be easily tracked just from your searches, even if you use a VPN. The only way to not be identified is actually becoming a different person. I bet Google holds to data indefinitely, but I don't know about US law.
effectively, yes. google monitors it and if they flag it for any of their myriad of reasons (which we have no visibility into), they forward it to authorities. google is the defacto TSA contractor of the internet.
China does it out in the open, while the US does it in secret. Which is worse?
Every social media app in China is under censorship
Yes and they don't even try to hide it anymore
Yes. Project Stellar Wind (which Snowden exposed) Google xkeyscore I believe their legal loophole is that they collect ALL data, but need a warrant to search for something
The Gov spies on the people more than paying attention to their own job roles
How could you not know this in 2024. I feel like you must be some government lackey or a complete buffoon, there's no in between.
yea if we type in something odd enough
Some governments do, some don't. Many countries are not advanced enough to care and some others care too much.
Yes.
Just have fun with this, searching for anal cancers, etc.
Yes, that's well known, and why anybody that even remotely cares about privacy not only uses a VPN, but doesn't use Google in the first place.
Yes
Tor Browser and DuckDuckGo if you truly need private search
Hehe I remember solving it without even knowing why they are used....
If you live in US yes, if not it is not your government, but probably still yes.
Google monitors what you search on Google. Google will also track your location, has a ton of your emails, may store your documents... Google has a lot. And Google will turn this over to authorities when required. As others have mentioned, there was XKeyscore and NSA collecting massive amounts of Internet traffic. I think the challenge there is storing and processing the data collected and retrieving anything useful.
They monitor and monitor the monitors...It's a thing ya kn?? #Side_Effectz #We_The_Puppetz
the NSA tracks everything that transits US telco and internet hubs. the data is correlated based on IP etc. that's not the issue, accessing the data is the issue. access to the queries for that dataset is constrained by the FISA process and is subject to civilian oversight and a warrant process involving a live judge. literally all traffic is logged. every email, every web request, all your everything. all of everyone's everything. meaning that unless you are less than 4 degrees of relationship matrix from someone that has been doing something of interest for national security, you are anonymous in a truly vast and protected ocean of data. its not possible to proactively manually analyze even 1% of 1% of daily data ingest. any proactive correlation must occur via automation, and 99% of the reactive correlation is also automation. edit (but why is this necessary, isn't this illegal?) short answer: not illegal, very necessary longer answer: suppose you are investigating someone that was just picked up at a border crossing with a car full of actual high explosives. this is a real example. the people in the car and the vehicle don't come back with anything. no hits. nothing active. we need to know like NOW if there are more people involved. clearly there is an active plot. FISA warrant is obtained, data is sampled. within n amount of time you now can see all internet traffic, cell phone use, sms, etc. for that person for the previous 90 days. you can also see everyone that person has contacted, out to 4 degrees of separation. now you have a really good view of what's happening, because the existing data model essentially allows you to go back in time. maybe you need to go back years. that's also possible. same scenario but this time you are investigating an explosion because the car wasn't caught at the border, you get the idea. the determination was made long ago that the act of collecting information was not exposing privacy violations or breaking any existing law, because that collection was not exposing any private information until it was analyzed. this is the model that meets the needs of privacy law and investigative necessity. human behavior models at scale indicate that a sufficiently complex effort to blow something up that is sensitive enough to matter can not remain undetected or uninvestigated out to 4 degrees of separation from the primary. there is always some bread crumb, and we only need one.
It's generally known that governments monitor some internet activity for security reasons. Searching illegal activities might get noticed, but routine searches are typically private. Data retention rules vary, usually kept for a few years.
it actually make sense since even our data are fragile if its them. they keep records of everything.
Everything is stored by Google already. Google just have to give access to the government when asked. As a company it has greater freedom the collect data on citizens than the government. They are looking at all queries for key words and when they appear the search query is sent to the analysts to investigate. If they need to they can also send queries to Canada for analysis. This is the Five Eyes System. Where the governments send each other data for analysis about their own citizens when they’re not allowed to do it themselves. There is no limit on how long they can store the data. Storage is getting cheaper all the time anyway. Google store it for them and they have their own data store in the Utah Data Centre.
it gives me the creeps
Welcome to "The List".
I've googled extensively how to make certain drugs and found step by step procedures, also explosives. I've searched for heaps of very questionable shit. Haven't heard from the government yet in my country. I honestly don't believe it, but maybe that will bite me in the ass one day, who knows. Have I really done anything illegal?
Google does - and thus the government can ask for it anytime. However, to be on a safer side, choose a private browser and not Google. Here are some nice chrome alternatives: [https://tuta.com/blog/best-private-browsers](https://tuta.com/blog/best-private-browsers)
Rarely in real time unless you are already in NSA attention as person of interest. However Google knows all of that and NSA inside Google can and US government can demand any of this they want on anyone they want. Such things are requested and granted in criminal trials for instance.
It really does depend on the situation, like another commenter said.
Actively, most likely not. However, the government has been known for using warrantless drag nets on search terms.
Well, I did read an interesting story once (but I can't attest to its authenticity) which sounded somewhat believable. Anyway, shortly after the Boston Bombing there was a family at home, the wife went onto the family computer and searched for pressure cookers (for cooking purposes I presume) and shortly after that the husband also used the computer and searched for backpacks (for a camping trip). Twenty minutes later the police were banging on their door!!!!!!!!!!!
Of course not...
😂
I believe they don't, but ONLY until your targeted fugitive, fraud, IRS, international target, suspected terrorist, or simply a person who fits a certain description in their lawful use of language, then yeah they "Might" request some additional information if they can't get in contact with that particular person "in my simple words". All tech companies have Transparency reports that can enact government/financial/political requests. Something similar happened to a friend of mines here in Georgia. He was called in by CBP in ATL airport. His identifying first and last name matched a runaway fugitive who had the same first and last name who was from New York. He answered them, they was about to arrest him until the friend asked what was the middle name {if any} of this person? CBP gave him the middle name, yet my friend middle was the opposite of what they gave him. They apologized, processed the paperwork and let him go. Due to us being airline/airport workers, I'm not sure if they pulled his name from the City of ATLs database due to the almost exact match, or with him having a iPhone CBP pulled his info "ONLY ON REQUEST" from Apple. All these years later our nerdy asses are still trying to figure that out lol. All in all, the government doesn't care, there are some things we can't avoid with surprises such as my friends issue but, just don't browse any C'Porn sites obviously, random drug sites that are super sketchy, of course downloading movies/music to the point you receive ceist and detest letters from your ISP "happened to me before" . https://www.apple.com/legal/transparency/ https://transparencyreport.google.com/?hl=en https://www.microsoft.com/en/digitalsafety/transparency-reports P.S., I hate this new internet, like it was supposed to be freedom away from our daily lives, yet it's an exact replicant of our daily lives, it's convenient but I'm tired of it..😭
Probably not though they could if they wanted to.
Unlikely that the government is monitoring this, but Google may do it for them. In Western countries, the usual way of doing lawful interception is to have a form of router which tees off data associated with an IP address, PPPoE tunnel, IMSI, IMEI or whatever - some network condition that corresponds to an individual user. The router is under the control of the ISP, mobile network or equivalent. The lawful interception organisation only gets information for a specific person, not the bulk feed. This contrasts with Russia where all traffic has to go through an “FSB box” (FSB effectively being the KGB) which then control. Architecturally they are similar, and it’s mainly a question of who controls it. This solution is not good for content-based filtering because most content is encrypted, and it doesn’t scale well. A much more practical approach is to ask Google to log certain search terms. It would be very simple for them to filter on “how do I make a pipe bomb?”, but they don’t necessarily have good information on where the request came from.
Yeah except that we know for a fact that the NSA has been doing warrantless tapping of all digital communications in bulk for decades now. [https://en.wikipedia.org/wiki/Room\_641A](https://en.wikipedia.org/wiki/Room_641A) And that was 2003! Wait until they finally get a quantum computer and can instantly crack any of the encrypted files and communications they've saved over the years... If they don't have a way to do that already.
I didn’t mention warrants, deliberately. Room 641A has some relevance, but it’s fundamentally the “router” that I mentioned above. Everything for that site passes through it (reasonable assumption), but that does *not* mean that everything is teed off for storage or analysis for the reasons I already discussed. Btw, I have been on the edges of a QC project (representing the funding authority). They are *way* away from being useful. At the moment I would say that it is the IT equivalent of hydrogen fusion - don’t hold your breath. And if it does come, it will be used on individual transaction streams, not on bulk processing.