Jump to content

New German law would force ISPs to allow secret service to install trojans


sman

Recommended Posts

New German law would force ISPs to allow secret service to install trojans on user devices

'https://www.privateinternetaccess.com/blog/new-german-law-would-force-isps-to-allow-secret-service-to-install-trojans-on-user-devices/'

A new law being proposed in Germany would see all 19 federal state intelligence agencies in Germany granted the power to spy on German citizens through the use of trojans. The new law would force internet service providers (ISPs) to install government hardware at their data centers which would reroute data to law enforcement, and then on to its intended destination so the target is blissfully unaware that their communications and even software updates are being proxied. Specifically, Netzpolitik pointed out that the law calls for the following:

Germany wants to be the man in the middle

The state sponsored trojans would likely be utilizing software called FinFly ISP from a company called FinFisher which has already been used by German law enforcement in the past. FinFisher claims to be able to inject trojans on target devices from the ISP level with ease::

Link to post
Share on other sites

5 hours ago, AdvancedSetup said:

Sadly at some point, whether it be 1 year, 5 years, 10 years or more. Eventually all governments are going to adopt this or similar tracking ideas. It's just a matter of time and you will only be able to fight it off for so long. 

 

It wouldn’t surprise me at all if they already have started tracking to some point the way things are. 

Link to post
Share on other sites

They always have; what do you think a census is, or a voting poll (or any other type of census/poll)?  Not to mention the fact that, at least here in the US, companies have to turn over data to government agencies upon request, often without a warrant from a judge; just a simple form letter to your ISP, Google, Facebook or whoever and they instantly have tons of data on you and any number of other users/customers.

Of course, modern technology has enabled surveillance and tracking/monitoring to a degree that was previously unheard of.

Link to post
Share on other sites

Two points to remember:

GCHQ in the UK, and NSA in the US, can already intercept most things anyway.
And they share them to get around national regulations, there's no law to stop the UK spying on US citizens and then sharing what they find with the NSA, or vice-versa.
https://www.wired.co.uk/article/gchq-tempora-101
Other countries that don't have that capability are looking for other ways to get access to data.

If they wanted to actually read everything they intercept then they would need to employ half the population to read what the other half is doing.
The best they can do is scan for keywords, and flag up any found for a human to look at.

I wouldn't worry about it, and no doubt my username gets flagged frequently - unless they've already put it on a whitelist.

Edited by nukecad
Link to post
Share on other sites

4 hours ago, nukecad said:

If they wanted to actually read everything they intercept then they would need to employ half the population to read what the other half is doing.
The best they can do is scan for keywords, and flag up any found for a human to look at.

Sadly this is no longer true.  0 humans required thanks to modern AI and Machine Learning.  Performing complex data analysis is what they do, not just for words either; they can identify you by the cadence of your keystrokes when you type text into any form, common phrases you use, terms and concepts you search for, hours of use, sites you visit, where you click/patterns of mouse cursor movement and speed, and countless other factors no human would be capable of analyzing (they're already working on AI capable of identifying certain diseases based on video footage of a person walking (because they can already identify the person based on it without seeing their face) that are too subtle for even a doctor to diagnose).  AI is still far from being perfect, or even true AI since there's no real 'intelligence' to it, but for certain types of tasks, particularly those involving large data sets, and especially for any sort of natively digital data such as anything that would be collected through the web, they are quite adept.

I have no idea if any government agencies are using such AI besides China at the moment, however companies like Google, Microsoft, Facebook and others certainly are.  Modern ASICs and GPUs also make possible supercomputers and datacenters more powerful and less expensive than ever, and it's only accelerating as new technologies and hardware are constantly being developed.

Link to post
Share on other sites

39 minutes ago, sman said:

Wow. and AI can be man's nemesis.

Sure, pretty much any technology with such a wide range of potential uses could be abused to do harm.  It doesn't mean the technology itself is good or bad, just that people, and especially lawmakers, need to pay attention to the possible dangers.

Link to post
Share on other sites

Unfortunately, there is no control for the users short of the limited means they have to do things like block known tracking servers, VPNs, firewalls and the like, however I'd again emphasize the fact that they can still see all activity on websites they have access to (and Google has access to most, as do Facebook, Twitter and many others), and especially if you're using a site that belongs to them (i.e. GMail, Google search (or any major search engine where such tech is being employed).  You cannot prevent a website from seeing where you click, where your mouse goes, the characters you type on the site and countless other attributes that seem harmless and random to humans, but to a machine they're as unique as a fingerprint, especially when multiple data points are combined as filters (another type of activity ML/AI are well suited for).

Heck, Netflix and Youtube alone can be used to determine countless things about a person depending on their viewing patterns and areas of interest.  Beliefs, political views, interests and countless psychological traits can be determined with enough data.

Don't get me wrong; there isn't much real harm that can be done with most of this info, however any claims of the data actually being anonymous is pretty much an illusion given enough data points and sufficient time/volumes of data, and while they may not be able to glean your exact name/address etc., they can at least assign a unique identifier to you and every other user as they gather sufficient data to isolate each unique individual, meaning that after that point, locating and monitoring each individual over time, even when the individual is using a brand new device from a completely different location becomes way easier than humans would ever be capable of.

It's not time to break out the tinfoil hats or anything, however lawmakers and the public have a lot of major issues that need a hard look, and much of this is so subtle and complex there may never be legislation or technology capable of protecting users from all tracking/monitoring and things like targeted advertising and other abuses may end up being the norm.  It's hard to tell a company not to collect and analyze data that no one sees as harmful or unique (machines can see subtle differences and patterns we generally can't), and besides that, I don't think companies are required to detail precisely what they collect and how they use it with AI.  I mean they tell you that they collect info you input into their website and the pages you visit etc., but have you ever seen a site mention they can see things like your mouse movement patterns (not just the clicks) and identify you based on your keystroke cadence?  I haven't, however I know it exists.

https://en.wikipedia.org/wiki/Keystroke_dynamics#Use_as_biometric_data
 

Link to post
Share on other sites

Interesting. But my point was that AI's are not fully dependable and can be counteractive, if there r not controls to override any auto actions/studies when things go awry. Human intervention shd always be in place to take over when needed.

Link to post
Share on other sites

Yes, of course, however how much concern do you think companies have over things going wrong when all they're doing is silent tracking and advertising?  AI is not the be all end all, but it does have the potential to become quite robust, and all the big players are researching and developing it.  It's the new web, essentially.  Where once every company was concerned with getting a website, then they wanted tracking and advertising, now they want AI and they're pouring insane amounts of money and resources into it.

Link to post
Share on other sites

No system is fool proof and need constant evaluation of it's reliability and can be a put-off on this aspect. All depends to how far one can go with such studies. users need to be on guard of what they do and try to minimise any impact of their actions by such sophisticated tech.

Link to post
Share on other sites

Certainly, however most of the kinds of activities that really concern me and which are the most identifiable/unique (like typing cadence) are unconscious making them incredibly difficult, if not impossible, to control/change.  I mean I suppose you could change your typing cadence by deliberately using an onscreen keyboad and a mouse or by using the hunt-and-peck method for typing, hitting one key at a time with a single finger, however anything a person would do to try to 'trick' or 'hide' from such systems would inevitably either fail due to the difficulty of constantly using the device 'abnormally' and accidentally reverting to your normal usage patterns, or the AI will simply learn your 'new' method (which will certainly also suffer the same issues of uniqueness) and track you anyway, though it might not associate your previous 'normal' activities with your new/altered methods of usage.

My point is, whether it is reliable or not, and whether or not it is fool proof is irrelevant.  Google's various algorithms for search, suggestions, ads and other tools/content have always been plagued with issues that Google has had to go back and fix/rework, but that didn't stop it from still controlling what you saw when using their sites and services, and the same goes for any telemetry system.  It may be flawed, however it will improve over time and it isn't some experimental side project with a slow development cycle; it's the primary focus for these companies now.  Microsoft is no longer primarily an OS and software developer; they're now a data collection and AI firm, just like Google, just like Facebook, and just like countless other companies.  They are all highly invested in AI and they are determined to keep pushing it forward.  No AI method is perfect, but it doesn't need to be; they'll keep working on it, tweaking it, improving it and expanding what it can do over time, and bear in mind that they are already actively using this technology for many of their services and products.

This is why every company collects telemetry data now, and this is why Google gives most of their stuff away for free, and it's also the reason Microsoft has been so lax about Windows 10 licensing and pricing (the longtime free upgrade offers and the fact that you can run it in trial mode indefinitely unlike any Windows version that came before).  It started as a tool for search, then became a tool for marketing and advertising, now it is becoming a tool for pretty much any data related task they put it to which might profit them or which they believe provides valuable functionality to their users/customers.  It's like I said, any tech can be good or bad depending on how it's used.  I'm glad Google's algorithms work so well for search and recommending videos, and I'm excited and impressed by many of the prospects that AI has to offer.  I'm just concerned about the very high potential for abuse in addition to the countless abuses we already know are being perpetrated.

Link to post
Share on other sites

Yeah, it's a really great video on the subject.  I've been trying to stay informed on the progress of AI with what little real info is available publicly, but a lot of the details they got, most of it directly from the sources (i.e. the companies/individuals developing and using it), were completely new to me, and many were quite startling.

Things keep progressing faster and faster it seems.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.