Readit News
simonvc · 4 months ago
Was drinking in a bar in Espoo in 2012 or 2013 and heard this from someone at Rovio. At the time they used Riak db and Basho were onsite and we asked why they didn't enable inter server encryption. "Because NSA pay us 10m not to". Guess NSA pulled the Riak cluster protocol off the AWS fibre.
adeon · 4 months ago
Is there any reliable source for NSA paying Rovio other than this random bar discussion? Not that I don't believe you or that I'm naive about NSA and the power of money, but I looked around news in 2014 and the accusations against Rovio specifically are a bit different flavor. It seems that Rovio was oversharing data to ad networks (Millennial Media comes up a lot), and NSA likely slurped data from the advertising companies. This bar banter is suggesting that NSA had some kind of arrangement with Rovio directly instead, and Rovio willingly went along.

Or alternatively, do you feel the Rovio employee's blabbering was talking about an actual, real NSA deal with Rovio, or was it more like a bar joke and direct NSA co-operation was not really implied? (e.g. "we know our security is bad, but these ad companies pay us $XX million to not use encryption so it's sorta like NSA pays us to keep it that way sips beer").

I'm interested, because if that is an actual thing that happened, then that's an example of NSA paying a Finnish company $$$ to weaken their security, and the Finnish company willingly agreeing to that. Is it in NSA's Modus Operandi to approach and then pay foreign companies to do this sort of thing?

Your comment is describing it in few words, but to me it sounds like it maybe wasn't implying an actual NSA direct co-operation, more like someone doing bar banter and being entirely serious. But that's just me trying to guess tone.

(I'm Finnish. I want to know if Rovio has skeletons in their closet. So I can roast them.)

leftcenterright · 4 months ago
From an intelligence perspective, this is business as usual.

- Rovio sold data to ad companies (ad companies primarily based in the US)

- They used AWS (to which of course NSA has legal access)

- Data is not end to end encrypted, all metadata sits on servers in plain text and within AWS even moves from server to server in plain text

How much insight metadata can grant to someone like NSA is still wildly underrated.

- https://www.propublica.org/article/spy-agencies-probe-angry-...

belter · 4 months ago
Misheard and it was RSA instead of Rovio? The numbers match... :-)

https://www.reuters.com/article/world/exclusive-secret-contr...

fiatpandas · 4 months ago
I’m actually comforted by the fact that NSA needed encryption turned off to spy.
starspangled · 4 months ago
On the other hand it would be a very cheap counter espionage measure if a small stream of such payments was enough to convince China et al that the NSA had not broken encryption.
danielheath · 4 months ago
Or it was simply cheaper than cracking it.
emmelaich · 4 months ago
You could leak the private key accidentally on purpose but that would be harder to plausibly deny involvement if that fact leaked.
deafpolygon · 4 months ago
I'm reminded of a certain XKCD comic[1]. The US government probably doesn't need to crack the encryption to get what they want.

[1]: https://xkcd.com/538/

CrossVR · 4 months ago
I once asked a VP of engineering at a major ISP why they don't add a layer of encryption to their peering and customer connections to prevent spy agencies from tapping their fibre cables. I was expecting him to say it would be too expensive to upgrade all their network hardware given the amount of traffic. Instead he said: "our routers can already do that, but the government regulator stepped in and prevented us from turning it on."
rdtsc · 4 months ago
That's pretty wild. Was it an "investment" of some sort, and then the CEO got a hint with a wink, that there is more where it came from if they don't enable any encryption. Anyone from Rovio who got less than $10m in their pocket willing to tell us a story?
xori · 4 months ago
"How do you get corporate secrets out of a software engineer? Sit them next to another engineer on a plane."
frollogaston · 4 months ago
It's elegant. The other person can spill amazing secrets, but there's no way to prove it, so nobody will believe you second-hand.
arealaccount · 4 months ago
Why wouldn’t they just give them DB access for the 10m? I'd assume NSA would prefer the database to remain encrypted and have an admin account?
radicaldreamer · 4 months ago
Deniability
bb88 · 4 months ago
10M sounds like a nice executive bonus. I'm not saying it's a bribe -- I would never, ever do that.

chrischen · 4 months ago
This is exactly why adversarial countries like China want to block large multinational social media and technology companies from their market. India saw Facebook try to meddle in their elections. This is probably why the US should block TikTok, although there are further repercussions on free speech and the free market (something China ideologically doesn’t care about).
frollogaston · 4 months ago
And the speech repercussions are more like the entire point of the ban. It's not even about trade or security. I'd be fine if they just said, we're banning this because it's from China.
pas · 4 months ago
I recommend reading the court's decision, it goes through all the relevant facts and statutes, how they apply, and more importantly it says that even if the higher standard of scrutiny would apply it would pass the test.

https://media.cadc.uscourts.gov/opinions/docs/2024/12/24-111...

page 40, "The problem for TikTok is that the Government exercised its considered judgment and concluded that mitigation efforts short of divestiture were insufficient, as a TikTok declarant puts it, to mitigate “risks to acceptable levels.” "

catlikesshrimp · 4 months ago
> "I'd be fine if they just said, we're banning this because it's from China."

Some of us would understand that message, but that would be eternal fuel for a political fire. The Huawei debacle stumbled in serious opposition.

_heimdall · 4 months ago
I still don't quite understand the free speech issue with banning one particular foreign media outlet or platform.

Banning TikTok would do nothing to hinder Americans' ability to say (almost) whatever they want without fear of government retribution. Anything you would have said on TikTok can still be said on Facebook for example, or your own website.

frollogaston · 4 months ago
Same reason they can't shut down a newspaper for its opinions. The ban is the government retribution. They also pressure Facebook etc to hide or downrank what they want.
__MatrixMan__ · 4 months ago
If you're going to tamper with US elections, you should at least have to spend USD to do so?
umanwizard · 4 months ago
TikTok is the main place pro-Palestine viewpoints went viral. I don't know whether this is because of the demographics of users, or because US platforms were putting their thumb on the scale, or because TikTok was putting its thumb on the scale, or just randomly, but it is in fact the case.

So that's one quite mainstream opinion that would be suppressed if the government banned TikTok. No, you wouldn't be arrested for posting pro-Palestine stuff to Facebook (at least not under Biden...) but that's not the only way for the government to curtail speech.

basilgohar · 4 months ago
TikTok has different censorship than Meta and Google platforms. More news about the genocide in Palestine reached people through TikTok than other platforms that actively banned activists and journalists reporting on Israel's war crimes over the past 18 months.
guelo · 4 months ago
TikTok used to be one of the few big platforms that didn't censor Israel criticism, though that has changed since Trump imperially overrode the law and unbanned them. It's insane the levels of 1st amendment violation and corruption that is OK now.
vkou · 4 months ago
> I still don't quite understand the free speech issue with banning one particular foreign media outlet or platform.

Half of America's exports is media to foreign countries, you're opening a can of worms.

ricochet11 · 4 months ago
If they can ban something then everyone else gets worried of being banned and everyone plays it safe.
gosub100 · 4 months ago
I don't defend the practice, but it's a lot easier to hide "adversarial" bot armies on a foreign social network. We have bot armies on US social networks but they are well known and controlled by US interests.
dylan604 · 4 months ago
Banning TikTok would be so much more effective than any of the other products. The people that would see the same content on Facebook is a different audience than what is using TikTok. Planting those seeds of confusion on the younger TikTok audience will have a much better ROI than sowing those oats with the old farts left reading FB feeds.
dvngnt_ · 4 months ago
I'd rather have social media reform and stronger algorithm controls for users vs banning meta's biggest competitor that actually does everything people are afraid of tiktok doing https://www.techradar.com/computing/cyber-security/facebooks...
shadowgovt · 4 months ago
If the US wants to stop meddling in their elections, they should block Facebook.
kjkjadksj · 4 months ago
Now why would the powers that be want to ever abandon their reins?
kjkjadksj · 4 months ago
Makes me wonder if the best inroad into influencing China is just direct bribes to government officials. You can’t do it the old fashioned way of propagandizing the population directly given restrictions on third party content, but I’m sure there are plenty of palms for want of greasing in the east same as there are here. Usually such restrictions on action are specifically to force a greasing of a palm anyhow in order to achieve that action than any outright ban.
01HNNWZ0MV43FF · 4 months ago
TBH the US should block Facebook it's just one party doesn't have the voter base and the other party is evil
alabastervlog · 4 months ago
Engagement-driven personalized “algo” feeds need to be banned in general, by any countries that don’t want to continue swinging rightward. I would feel a lot more confident about the future of liberal democracy if this were under serious discussion in at least some countries, but, afaik, it’s still not even now (it should have been years ago!) which is worrisome.
ddxv · 4 months ago
Rather than going through 1000s of app companies, why not go directly to the 100s of third party analytic companies?

From my research most all apps use some SDK which tracks users. Many apps use 3 or 4 for various marketing / product / business use cases. I've been tracking this on https://appgoblin.info/companies if anyone wants to check. Try looking at the "no analytics" found groups, which are just apps I haven't found evidence of 3rd party trackers, almost certainly they do use them.

I would like to see a world where Angry Birds data at least stays on Angry Birds servers and have been working on building a part of that with OpenAttribution (https://openattribution.dev) to let app/game companies build their marketing pipeline with at least one less tracker in the app.

I think as compute is getting cheaper a lot of this should/can be self-hosted by at least larger companies so they have full control of their BI tools and the data underlying it.

fsckboy · 4 months ago
2014? this is really old news, and there's no smoking gun in here. it's not like they are looking through your camera or listening to your mic, it's just "who is using this app" type stuff, and the NSA denies they target people who they are not seeking for other reasons

i'm not saying "believe the NSA" or the Five Eyes, but you already know how you think about that

alabastervlog · 4 months ago
They deny they target people they aren’t seeking for other reasons (uh, duh? This basically doesn’t say anything at all) but don’t deny mass collection, nor using your data to try to target others (or you, if “other reasons” come up!) or to build a general spying-on-everyone surveillance system.

But sure, I do believe them that they don’t bother to look at it unless they want to. Like… yes, that’s how looking works.

simoncion · 4 months ago
They absolutely did deny mass collection (among other things).

The most charitable interpretation of the claims would be that what NSA calls "collection", every other English-speaking human would call "analysis" (or -maybe- "post-collection preprocessing"). This horseshit was reported in many places at the time, but here's the first vaguely-reputable place I could find talking about this sort of thing today [0]:

> Take, for example, the definition of the term “collection.” What qualifies as intelligence collection is critical to the scope of intelligence activity because it determines when intelligence gathering begins. Although it never provides its own definition, EO 12333 repeatedly refers to collection as the beginning of the intelligence gathering cycle. The agencies themselves elaborate on EO 12333’s general guidance by defining collection in their internal procedures. As we chart in greater detail in our article, the Defense Department’s and the NSA’s definitions of collection vary significantly, even though the NSA is a subordinate agency of the Pentagon.

> The Defense Department defines collection as intelligence gathering at a much earlier point than the NSA’s. Under DoD 5240.01, the department’s current manual, “information is collected when it is received by a Defense Intelligence Component,” regardless of how that information is “obtained or acquired.” By contrast, the NSA’s current version of USSID 18 states that collection “means [the] intentional tasking or SELECTION of identified nonpublic communications for subsequent processing aimed at reporting or retention as a file record.” As a result, collection for the Defense Department’s purposes appears to involve no processing or action; information is collected as soon as it is received. For the NSA, however, collection begins only once the information has been “selected” and put to further use.

> ...Under the NSA’s attorney general guidelines, for example, vast amounts of intelligence could be gathered without technically being collected. This means that, on paper, none of the guidelines’ subsequent protections for or limitations on the use of that intelligence apply when the information is first received. In theory, the NSA’s guidelines might permit the agency to gather significant amounts of unprocessed intelligence and then store it indefinitely.

[0] <https://www.lawfaremedia.org/article/what-does-collection-me...>

__MatrixMan__ · 4 months ago
"who is using this app?" sounds like an innocent enough question until that person dies a moment later for reasons that surely had nothing to do with the app.
01HNNWZ0MV43FF · 4 months ago
> old news

Vogon detected

"There's no point in acting surprised about it. All the planning charts and demolition orders have been on display at your local planning department in Alpha Centauri for 50 of your Earth years, so you've had plenty of time to lodge any formal complaint and it's far too late to start making a fuss about it now."

kjkjadksj · 4 months ago
What possible good is it to know who is using Angry Birds for an intelligence agency? Your explanation makes zero sense. The idea that they’d use it for spying is the only logical explanation.
froggertoaster · 4 months ago
They call them "slippery slopes" for a reason. Why were they collecting this data at all, and why is it constitutional?
owlninja · 4 months ago
That document seems like a useful tool to get elected and then throw in the trash when you are in power.
vrosas · 4 months ago
My dude you can buy troves of data from Grindr, or really any popular “free” app. Advertisers eat this stuff up.

engels_gibs · 4 months ago
But remember folks: China is spying on you!
nashashmi · 4 months ago
“And that’s why we need to ban TikTok” but not so they can stop influencing you.

“And why we need to stop you from supporting terrorists” but not because we are against your freedom to speak.

gruez · 4 months ago
> It wasn't clear precisely what information can be extracted from which apps, but one of the slides gave the example of a user who uploaded a photo using a social media app. Under the words, "Golden Nugget!" it said that the data generated by the app could be examined to determine a phone's settings, where it connected to, which websites it had visited, which documents it had downloaded, and who its users' friends were.

Sounds like those apps weren't using SSL, and NSA could eavesdrop on whatever API calls or telemetry it was sending? There's no real evidence that those apps are complicit, even though the article tries to imply that.

mrheosuper · 4 months ago
SSL added and removed here ;-)
frollogaston · 4 months ago
TikTok's CDNs also don't use SSL, unless that changed.
buyucu · 4 months ago
not using SSL means the app devs were either stupid, or they were complicit.
zghst · 4 months ago
Detasking, minimization, FAA/PAA incidents database, etc., yeah right!
bigbuppo · 4 months ago
And don't forget that ad tech has grown more pervasive since then. The NSA is the least of your troubles these days.
OutOfHere · 4 months ago
Ad-tech does not put people in prison or deport them. The NSA does, via parallel reconstruction.
kjkjadksj · 4 months ago
No it just takes the money out of their pocket and makes them addicted to things so it is Ok.
Barracoon · 4 months ago
The NSA does not do either of those things